public interface SecurityContext
SecurityContextImpl
Modifier and Type | Method and Description |
---|---|
void |
addAuthenticationMechanism(AuthenticationMechanism mechanism)
Deprecated.
This method is now only applicable to
SecurityContext implementations that also implement the AuthenticationMechanismContext interface. |
boolean |
authenticate()
Performs authentication on the request.
|
void |
authenticationComplete(Account account,
String mechanismName,
boolean cachingRequired)
Called by the
AuthenticationMechanism to indicate that an account has been successfully authenticated. |
void |
authenticationFailed(String message,
String mechanismName)
Called by the
AuthenticationMechanism to indicate that an authentication attempt has failed. |
Account |
getAuthenticatedAccount()
Obtain the
Account for the currently authenticated identity. |
List<AuthenticationMechanism> |
getAuthenticationMechanisms()
Deprecated.
Obtaining lists of mechanisms is discouraged, however there should not be a need to call this anyway.
|
IdentityManager |
getIdentityManager()
Deprecated.
Authentication mechanisms that rely on the
IdentityManager should instead hold their own reference to it. |
String |
getMechanismName() |
boolean |
isAuthenticated() |
boolean |
isAuthenticationRequired()
Returns true if authentication is required
|
boolean |
login(String username,
String password)
Attempts to log the user in using the provided credentials.
|
void |
logout()
de-authenticates the current exchange.
|
void |
registerNotificationReceiver(NotificationReceiver receiver)
Register a
NotificationReceiver interested in receiving notifications for security events that happen on this SecurityContext. |
void |
removeNotificationReceiver(NotificationReceiver receiver)
Remove a previously registered
NotificationReceiver from this SecurityContext. |
void |
setAuthenticationRequired()
Marks this request as requiring authentication.
|
boolean authenticate()
true
it can still have committed the response (e.g. form auth redirects back to the original
page). Callers should check that the exchange has not been ended before proceeding.true
if either the request is successfully authenticated or if there is no failure validating the
current request so that the request should continue to be processed, false
if authentication was not
completed and challenge has been prepared for the client.boolean login(String username, String password)
AuthenticatedSessionManager
(if any), so subsequent requests will automatically be authenticated
as this user.
This operation may block
username
- The usernamepassword
- The passwordtrue
if the login succeeded, false otherwisevoid logout()
void setAuthenticationRequired()
authenticate()
is called without first calling this method then the request will continue as normal even if the authentication
was not successful.boolean isAuthenticationRequired()
true
If authentication is required@Deprecated void addAuthenticationMechanism(AuthenticationMechanism mechanism)
SecurityContext
implementations that also implement the AuthenticationMechanismContext
interface.authenticate()
is
called mechanisms will be iterated over in the order they are added, and given a chance to authenticate the user.mechanism
- The mechanism to add@Deprecated List<AuthenticationMechanism> getAuthenticationMechanisms()
boolean isAuthenticated()
Account getAuthenticatedAccount()
Account
for the currently authenticated identity.Account
for the currently authenticated identity or null
if no account is currently authenticated.String getMechanismName()
@Deprecated IdentityManager getIdentityManager()
IdentityManager
should instead hold their own reference to it.IdentityManager
to use to make account verification decisions.IdentityManager
void authenticationComplete(Account account, String mechanismName, boolean cachingRequired)
AuthenticationMechanism
to indicate that an account has been successfully authenticated.
Note: A successful verification of an account using the IdentityManager
is not the same as a successful
authentication decision, other factors could be taken into account to make the final decision.account
- - The authenticated Account
mechanismName
- - The name of the mechanism used to authenticate the account.cachingRequired
- - If this mechanism requires cachingvoid authenticationFailed(String message, String mechanismName)
AuthenticationMechanism
to indicate that an authentication attempt has failed.
This should only be called where an authentication attempt has truly failed, for authentication mechanisms where an
additional round trip with the client is expected this should not be called.
Where possible the failure message should contain the name of the identity that authentication was being attempted for,
however as this is not always possible to identify in advance a generic message may be all that can be reported.message
- - The message describing the failure.mechanismName
- - The name of the mechanism reporting the failure.void registerNotificationReceiver(NotificationReceiver receiver)
NotificationReceiver
interested in receiving notifications for security events that happen on this SecurityContext.receiver
- - The NotificationReceiver
to register.void removeNotificationReceiver(NotificationReceiver receiver)
NotificationReceiver
from this SecurityContext.
If the supplied receiver has not been previously registered this method will fail silently.receiver
- - The NotificationReceiver
to remove.Copyright © 2019 JBoss by Red Hat. All rights reserved.